Focus on Microsoft
SecurityFocus Microsoft Newsletter #440 Apr 20 2009 03:04PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #440
----------------------------------------

This issue is sponsored by Cisco

Five Ways to Know Your Wireless Security

A wireless network can help your employees stay productive as they move around your company. But to
take advantage of the benefits of wireless networking, you need to be sure that your network is safe
from hackers and unauthorized users. Every device in a wireless network is important to security.
Because a wireless LAN (WLAN) is a mobile network, you need a thorough, multilayered approach to
safeguard traffic.

http://dinclinx.com/Redirect.aspx?36;4328;50;189;0;5;259;b3682945b0c3f7c4

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Facebook, Privacy and Contracts
2. Act Locally, Pwn Globally
II. MICROSOFT VULNERABILITY SUMMARY
1. MagicISO CCD/Cue File Heap Overflow Vulnerability
2. MiniWeb Source Code Information Disclosure Vulnerability
3. MiniWeb Remote Buffer Overflow Vulnerability
4. Elecard AVC HD Player '.xpl' File Remote Stack Buffer Overflow Vulnerability
5. Apollo 'm3u' Playlist File Heap Buffer Overflow Vulnerability
6. Microsoft Windows Media Player MID File Parsing Integer Overflow Vulnerability
7. Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
8. Zervit 'http.c' Remote Buffer Overflow Vulnerability
9. Mini-stream Software RM-MP3 Converter '.pls' File Remote Stack Buffer Overflow Vulnerability
10. Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
11. FTPDMIN 'RNFR' Command Buffer Overflow Vulnerability
12. Microsoft Internet Explorer File Download Denial of Service Vulnerability
13. Xilisoft Video Converter Wizard '.CUE' File Stack Buffer Overflow Vulnerability
14. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
15. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
16. Microsoft Windows 'atapi.sys' Local Privilege Escalation Vulnerability
17. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
18. SWF Opener Buffer Overflow Vulnerability
19. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
20. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
21. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
22. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
23. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
24. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
25. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
26. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
27. Microsoft WinHTTP Server Name Mismatch Certificate Validation Security Bypass Vulnerability
28. Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution Vulnerability
29. Microsoft Internet Explorer Uninitialized Memory Variant Three Remote Code Execution Vulnerability
30. Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
31. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
32. Microsoft ISA Server and Forefront Threat Management Gateway Cross-Site Scripting Vulnerability
33. Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability
34. Microsoft Excel Malformed Object Remote Memory Corruption Vulnerability
35. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
36. OpenAFS Error Codes Remote Denial of Service Vulnerability
37. JustSystems Ichitaro RTF File Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Facebook, Privacy and Contracts
On February 4, the social networking site Facebook made a minor change to its terms of service - the
online contract that every user must agree to when they create an account.
Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize
that information that they shared with other users would persist on their Facebook friends'
accounts. Thus, they needed some way of telling users that the information might remain.
http://www.securityfocus.com/columnists/497

2. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure,
the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war
has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. MagicISO CCD/Cue File Heap Overflow Vulnerability
BugTraq ID: 34574
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34574
Summary:
MagicISO is prone to a heap-overflow vulnerability that may be triggered by a malicious '.ccd' or
'.cue' file.

A successful exploit will crash the application. It may also allow an attacker to execute arbitrary
code in the context of the application but this has not been confirmed.

2. MiniWeb Source Code Information Disclosure Vulnerability
BugTraq ID: 34565
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34565
Summary:
MiniWeb is prone to a vulnerability that lets attackers access source code because it fails to
properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer
in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects unknown versions of MiniWeb. We will update this BID when further details are
available.

3. MiniWeb Remote Buffer Overflow Vulnerability
BugTraq ID: 34563
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34563
Summary:
MiniWeb is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

4. Elecard AVC HD Player '.xpl' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34560
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34560
Summary:
Elecard AVC HD Player is prone to a remote stack-based buffer-overflow vulnerability because the
application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

5. Apollo 'm3u' Playlist File Heap Buffer Overflow Vulnerability
BugTraq ID: 34554
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34554
Summary:
Apollo is prone to a heap-based buffer-overflow vulnerability because the application fails to
bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit
attempts will result in a denial-of-service condition.

Apollo 37zz is vulnerable; other versions may also be affected.

6. Microsoft Windows Media Player MID File Parsing Integer Overflow Vulnerability
BugTraq ID: 34534
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34534
Summary:
Microsoft Windows Media Player is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file
with the vulnerable application. A successful exploit will allow the attacker to execute arbitrary
code within the context of the affected application. Failed exploit attempts will result in a denial
of service.

Windows Media Player 11 is vulnerable; other versions may also be affected.

7. Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 34532
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34532
Summary:
The Microsoft Intelligent Application Gateway (IAG) 2007 Client Components ActiveX Control is prone
to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform
adequate boundary checks on user-supplied data. The ActiveX control is identified by CLSID:

8D9563A9-8D5F-459B-87F2-BA842255CB9A

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the
context of the application using the ActiveX control (typically Internet Explorer). Failed exploit
attempts likely result in denial-of-service conditions.

NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway.

Versions prior to IAG 2007 3.7 SP2 are vulnerable.

8. Zervit 'http.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 34530
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34530
Summary:
Zervit is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Zervit 0.2 is vulnerable; other versions may also be affected.

9. Mini-stream Software RM-MP3 Converter '.pls' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34514
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34514
Summary:
Mini-stream Software RM-MP3 Converter is prone to a remote stack-based buffer-overflow vulnerability
because it fails to perform adequate checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the
context of the application. Failed attacks will cause denial-of-service conditions.

10. Multiple Mini-stream Software Products '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34494
Remote: Yes
Date Published: 2009-04-13
Relevant URL: http://www.securityfocus.com/bid/34494
Summary:
Multiple Mini-stream Software products are prone to a remote stack-based buffer-overflow
vulnerability because the applications fail to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

11. FTPDMIN 'RNFR' Command Buffer Overflow Vulnerability
BugTraq ID: 34479
Remote: Yes
Date Published: 2009-04-11
Relevant URL: http://www.securityfocus.com/bid/34479
Summary:
FTPDMIN is prone to a buffer-overflow vulnerability.

A successful exploit may allow attackers to execute arbitrary code in the context of the vulnerable
service. Failed exploit attempts will likely cause denial-of-service conditions.

12. Microsoft Internet Explorer File Download Denial of Service Vulnerability
BugTraq ID: 34478
Remote: Yes
Date Published: 2009-04-11
Relevant URL: http://www.securityfocus.com/bid/34478
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service
conditions.

13. Xilisoft Video Converter Wizard '.CUE' File Stack Buffer Overflow Vulnerability
BugTraq ID: 34472
Remote: Yes
Date Published: 2009-04-10
Relevant URL: http://www.securityfocus.com/bid/34472
Summary:
Xilisoft Video Converter Wizard is prone to a stack-based buffer-overflow vulnerability because the
application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Xilisoft Video Converter Wizard 3 is vulnerable; other versions may also be affected.

14. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
BugTraq ID: 34470
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34470
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of a stack-based buffer
overflow that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently
logged-in user. Failed exploit attempts may result in denial-of-service conditions.

15. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
BugTraq ID: 34469
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34469
Summary:
Microsoft Word 2000 is prone to a remote code-execution vulnerability because it fails to properly
validate an unspecified string when parsing a WordPerfect document.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently
logged-in user. Failed exploit attempts may result in denial-of-service conditions.

16. Microsoft Windows 'atapi.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 34466
Remote: No
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34466
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because it fails to
adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

17. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
BugTraq ID: 34460
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34460
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component
fails to properly handle compressed media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context
of the user running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

18. SWF Opener Buffer Overflow Vulnerability
BugTraq ID: 34459
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34459
Summary:
SWF Opener is prone to a remote buffer-overflow vulnerability because it fails to adequately
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user
running the affected application. Failed exploit attempts will likely result in denial-of-service
conditions.

SWF Opener 1.3 is vulnerable; other versions may also be affected.

19. HP ProCurve Manager and ProCurve Manager Plus Unauthorized Access Vulnerability
BugTraq ID: 34451
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34451
Summary:
HP ProCurve Manager and ProCurve Manager Plus are prone to an unspecified unauthorized-access
vulnerability. Remote attackers may exploit this issue to gain unauthorized access to data.

The following are vulnerable:

ProCurve Manager 3.2 and earlier
ProCurve Manager Plus 3.2 and earlier

20. Microsoft April 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 34450
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34450
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security
bulletins on April 14, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Windows, Internet Explorer, Office, Excel, and ISA Server.

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to document these issues when the bulletins are released.

21. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 34449
Remote: Yes
Date Published: 2009-04-09
Relevant URL: http://www.securityfocus.com/bid/34449
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it
fails to perform adequate boundary checks on user-supplied input.

A remote attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploit attempts will result in a denial-of-service condition.

Versions prior to RepliStor 6.2 SP5 and RepliStor 6.3 SP2 are vulnerable.

22. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
BugTraq ID: 34444
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34444
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would
facilitate the complete compromise of affected computers.

The issue affects the following:

Windows Vista
Windows Server 2008

23. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34443
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34443
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would
facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003

24. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34442
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34442
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would
facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003
Windows Vista
Windows Server 2008

25. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
BugTraq ID: 34439
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34439
Summary:
Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM (NT LAN Manager)
credentials. A successful exploit would let an attacker execute arbitrary code in the context of the
affected user.

26. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
BugTraq ID: 34438
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34438
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks will cause denial-of-service conditions.

27. Microsoft WinHTTP Server Name Mismatch Certificate Validation Security Bypass Vulnerability
BugTraq ID: 34437
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34437
Summary:
Microsoft Windows HTTP Services (WinHTTP) is prone to a security-bypass vulnerability because of an
error in verifying website certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or
impersonate trusted servers, which will aid in further attacks.

28. Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 34435
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34435
Summary:
Microsoft Windows HTTP Services (WinHTTP) is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise an affected application and possibly the computer.
Failed attacks will cause denial-of-service conditions.

29. Microsoft Internet Explorer Uninitialized Memory Variant Three Remote Code Execution Vulnerability
BugTraq ID: 34426
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34426
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

30. Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
BugTraq ID: 34424
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34424
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

31. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
BugTraq ID: 34423
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

32. Microsoft ISA Server and Forefront Threat Management Gateway Cross-Site Scripting Vulnerability
BugTraq ID: 34416
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34416
Summary:
Microsoft ISA (Internet Security and Acceleration) Server and Forefront Threat Management Gateway
(TMG) are prone to a cross-site scripting vulnerability because the software fails to properly
sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may help the attacker steal potentially
sensitive information and launch other attacks.

33. Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability
BugTraq ID: 34414
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34414
Summary:
Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service
vulnerability.

A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become
unresponsive, denying service to legitimate users.

34. Microsoft Excel Malformed Object Remote Memory Corruption Vulnerability
BugTraq ID: 34413
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34413
Summary:
Microsoft Excel is prone to a memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

35. OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34407
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34407
Summary:
OpenAFS is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly
bounds-check user-supplied data before copying it to an insufficiently sized memory buffer in the
Unix cache manager. The issue occurs when the application processes RX packets in a client context.

An attacker can exploit this issue to execute arbitrary code in the context of the Unix cache
manager, resulting in a complete compromise of the affected computer. Failed exploit attempts will
likely result in a denial of service.

The issue affects these versions:

OpenAFS Unix clients 1.0 through 1.4.8
OpenAFS Unix clients 1.5.0 through 1.5.58

Note that Mac OS X clients are not affected.

36. OpenAFS Error Codes Remote Denial of Service Vulnerability
BugTraq ID: 34404
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34404
Summary:
OpenAFS file server is prone to a denial-of-service vulnerability that occurs on computers running
the Linux kernel.

Successfully exploiting this issue allows attackers to cause a kernel panic, denying service to
legitimate users.

The issue affects these versions:

OpenAFS 1.0 through 1.4.8
OpenAFS 1.5.0 through 1.5.58

37. JustSystems Ichitaro RTF File Buffer Overflow Vulnerability
BugTraq ID: 34403
Remote: Yes
Date Published: 2009-04-07
Relevant URL: http://www.securityfocus.com/bid/34403
Summary:
Ichitaro is prone to a remote buffer-overflow vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable
application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2009 and prior versions are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Cisco

Copyright 2010, SecurityFocus